Electric utility companies do have some interesting dynamics. Staff tend to have long tenures, so many of the plant operations folks remember days before they had to deal with IT folks to do their business. But, everybody (and I mean everybody) at this point understands the necessity and value of a strong IT staff. They may resent it, but they get it.
And, you can bet that the IT departments at electric utilities are as professional as any. Your assumption that they don't want to be good at it is utterly and shamefully false. Even if it were true, they have no choice. There's a lot going on at utility companies that these types of scare-mongering authors never talk about. She very briefly mentions the NERC-CIP regulations (glossed them over, really) without also mentioning the IT components of reliability audits, internal audits, internal exercises, external pen tests, coordinated exercises with regional entities, law enforcement, FERC, etc. Industry peer groups play a big role as well. Protecting the power grid is vitally important to us. Why on earth would it not be? We run a metered business. We can't bill if we aren't creating, transmitting and distributing power.
Is it vulnerable? Of course, as is the highway system, water, food distribution, agriculture, shipping, etc.
Now, I totally agree that NERC-CIP should be more assistive and less about pure compliance with standards; but "continuous improvement" is a concept that is constantly harped on by both staff and regulators. It's already there.